CVE-2021-22731

CRITICAL

Modicon Managed Switch <V8.21 - Info Disclosure

Title source: llm

Description

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

References (1)

[Patch, Vendor Advisory] https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01

Scores

CVSS v3 9.8

EPSS 0.0088

EPSS Percentile 75.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (16)

schneider-electric/mcsesm043f23f0_firmware < 8.22

schneider-electric/mcsesm053f1cs0_firmware < 8.22

schneider-electric/mcsesm053f1cu0_firmware < 8.22

schneider-electric/mcsesm063f2cs0_firmware < 8.22

schneider-electric/mcsesm063f2cu0_firmware < 8.22

schneider-electric/mcsesm083f23f0_firmware < 8.22

schneider-electric/mcsesm083f23f0h_firmware < 8.22

schneider-electric/mcsesm093f1cs0_firmware < 8.22

schneider-electric/mcsesm093f1cu0_firmware < 8.22

schneider-electric/mcsesm103f2cs0_firmware < 8.22

... and 6 more

Published May 26, 2021

Tracked Since Feb 18, 2026